From 0fb1da0490d840eddccf87668a4c095d8905325c Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Thu, 26 Jan 2017 15:41:56 +0100
Subject: Move and adapt letsencrypt.sh → dehydrated.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
dehydrated/conf.d/secp384r1.sh | 2 ++
dehydrated/conf.d/staging.sh | 2 ++
dehydrated/cron.weekly/local-dehydrated | 23 +++++++++++++++++++++++
3 files changed, 27 insertions(+)
create mode 100644 dehydrated/conf.d/secp384r1.sh
create mode 100644 dehydrated/conf.d/staging.sh
create mode 100755 dehydrated/cron.weekly/local-dehydrated
(limited to 'dehydrated')
diff --git a/dehydrated/conf.d/secp384r1.sh b/dehydrated/conf.d/secp384r1.sh
new file mode 100644
index 0000000..7969796
--- /dev/null
+++ b/dehydrated/conf.d/secp384r1.sh
@@ -0,0 +1,2 @@
+# Use NIST P-384 as public key algorithm
+KEY_ALGO=secp384r1
diff --git a/dehydrated/conf.d/staging.sh b/dehydrated/conf.d/staging.sh
new file mode 100644
index 0000000..edf55e9
--- /dev/null
+++ b/dehydrated/conf.d/staging.sh
@@ -0,0 +1,2 @@
+# Use staging service
+CA="https://acme-staging.api.letsencrypt.org/directory"
diff --git a/dehydrated/cron.weekly/local-dehydrated b/dehydrated/cron.weekly/local-dehydrated
new file mode 100755
index 0000000..e07e5d9
--- /dev/null
+++ b/dehydrated/cron.weekly/local-dehydrated
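Review bot: The comment above `CA=` in dehydrated/conf.d/staging.sh does not say that certificates from the staging endpoint chain to a test root that clients do not trust, so a host where this snippet stays installed would serve certificates that fail validation. Whether every file under conf.d is sourced on a given host is not visible in this patch; if it is, the snippet has to be removed before the host goes live. I would spell that out in the comment, e.g. `# Use staging service: issued certs are NOT publicly trusted; remove this file for production`.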
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# Renew letsencrypt certificates
+
+set -eu
+
+# update certdomain certs
+dehydrated --cron
+
+# update non-EC maildomain cert if resolvable and not clashing with certdomain
+maildomain=$(cat /etc/local-REDPILL/$(cat /etc/local-ORG/realm)/mailhost)
+fqdn=$(hostname --fqdn)
+[ -z "$fqdn" ] \
+ || [ "$maildomain" = "$fqdn" ] \
+ || extradomains=${extradomains:+$extradomains }$fqdn
+domain=$(hostname --domain)
+[ -z "$domain" ] \
+ || [ "$maildomain" = "$domain" ] \
+ || [ "$fqdn" = "$domain" ] \
+ || extradomains=${extradomains:+$extradomains }$domain
+[ -z "$maildomain" ] \
+ || grep ^"$maildomain" /etc/dehydrated/domains.txt \
+ || dehydrated --cron --domain "$maildomain $extradomains" --algo rsa
-- cgit v1.2.3
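Review bot: `extradomains` is never initialised, so under `set -eu` the final `--domain "$maildomain $extradomains"` expansion aborts the script with an unset-variable error whenever neither the `fqdn` nor the `domain` branch assigned it, and the RSA certificate is then not renewed. The variable is also taken from the caller's environment if one is exported there, which would put caller-chosen names into the certificate request; adding `extradomains=` before the `fqdn=` line closes both cases. Separately, `grep ^"$maildomain"` treats the name as an unanchored regex prefix, so a longer name that merely starts with the mail host (and any character in place of each dot) counts as "already covered" and the RSA request is silently skipped; the match is also printed into the cron mail. If the intent is "maildomain is the primary name of an entry", an exact first-field test such as `awk -v d="$maildomain" '$1 == d { f = 1 } END { exit !f }' /etc/dehydrated/domains.txt` would express it without those false positives.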